EUVD-2014-3599

Malware in sbrugna...

Design/Logic Flaw

vmdb/app/controllers/applicationcontroller/performance.rb in Red Hat CloudForms 3.1 Management Engine CFME before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."...

CVE-2014-3642

vmdb/app/controllers/applicationcontroller/performance.rb in Red Hat CloudForms 3.1 Management Engine CFME before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."...

PT-2014-5433 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3 Description: The issue allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method" in the vmdb/app/controllers/application controller/performance....

CFME: dangerous send method in performance.rb

It was found that Red Hat CloudForms contained an insecure send method that accepted user-supplied arguments. An authenticated user could use this flaw to modify the program flow in a way that could result in privilege escalation...